US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide
October 21, 2023
The U.S. government seized 17 website domains used by North Korean IT workers in a fraudulent scheme to defraud businesses worldwide.
The U.S. government announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of a fraudulent scheme illicit scheme to defraud businesses worldwide.
The illicit funds defraud U.S. and foreign businesses, evade sanctions and fund the development of the DPRK government’s weapons program.
The operation aimed at evade sanctions and fund the development of the DPRK government’s weapons program.
The US authorities seized approximately $1.5 million of the revenue that the IT workers obtained from their illegal activity in October 2022 and January 2023.
“These seizures follow the previously sealed October 2022 and January 2023 court-authorized seizures of approximately $1.5 million of the revenue that the same group of IT workers collected from unwitting victims as a result of their scheme, as well as the development of public-private information-sharing partnerships that denied the IT workers access to their preferred online freelance work and payment service providers.” reads the DoJ’s announcement.
Most of the ill-intentioned information technology workers live in China and Russia, their mission was to deceive companies worldwide into hiring them under fake identities.
The North Korean IT workers used any means to cover their operations, including pseudonymous email, social media, payment platforms, online job sites, counterfeit websites, proxy servers situated across the world, as well as the involvement of informed and uninformed third parties. The IT workers annually generated substantial sums of money on behalf of designated entities, including the North Korean Ministry of Defense and others directly implicated in the DPRK’s United Nations-prohibited Weapons of Mass Destruction (WMD) initiatives.
In some cases investigated by the US Government, the IT workers also infiltrated the computer networks of unwitting employers to steal information and maintain access for future malicious activities. The U.S. government described this scheme in a May 2022 advisory.
The group of DPRK IT workers that designed the 17 website domains seized by the authorities work for the PRC-based Yanbian Silverstar Network Technology Co. Ltd. and the Russia-based Volasys Silver Star, which had previously been sanctioned in 2018 by the Department of the Treasury.
These IT workers sent the proceeds from their deceptive IT activities to North Korea by utilizing online payment platforms and Chinese bank accounts.
“Employers need to be cautious about who they are hiring and who they are allowing to access their IT systems,” said U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri. “You may be helping to fund North Korea’s weapons program or allowing hackers to steal your data or extort you down the line.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, North Korean IT workers)